16 files changed, 78 insertions, 47 deletions
diff --git a/pkg/api/handlers/compat/networks.go b/pkg/api/handlers/compat/networks.go
index 1e80cc91d..80b7505df 100644
--- a/pkg/api/handlers/compat/networks.go
+++ b/pkg/api/handlers/compat/networks.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/containernetworking/cni/libcni"
 	"github.com/containers/podman/v2/libpod"
+	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/api/handlers/utils"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/domain/infra/abi"
@@ -44,9 +45,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) {
 	name := utils.GetName(r)
 	_, err = network.InspectNetwork(config, name)
 	if err != nil {
-		// TODO our network package does not distinguish between not finding a
-		// specific network vs not being able to read it
-		utils.InternalServerError(w, err)
+		utils.NetworkNotFound(w, name, err)
 		return
 	}
 	report, err := getNetworkResourceByName(name, runtime)
@@ -285,7 +284,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if !exists {
-		utils.Error(w, "network not found", http.StatusNotFound, network.ErrNetworkNotFound)
+		utils.Error(w, "network not found", http.StatusNotFound, define.ErrNoSuchNetwork)
 		return
 	}
 	if err := network.RemoveNetwork(config, name); err != nil {
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 3421f0836..51013acf1 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -594,11 +594,9 @@ func CommitContainer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// I know mitr hates this ... but doing for now
-	if len(query.Repo) > 1 {
+	if len(query.Repo) > 0 {
 		destImage = fmt.Sprintf("%s:%s", query.Repo, tag)
 	}
-
 	commitImage, err := ctr.Commit(r.Context(), destImage, options)
 	if err != nil && !strings.Contains(err.Error(), "is not running") {
 		utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrapf(err, "CommitFailure"))
@@ -638,6 +636,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) {
 	query := struct {
 		Term      string   `json:"term"`
 		Limit     int      `json:"limit"`
+		NoTrunc   bool     `json:"noTrunc"`
 		Filters   []string `json:"filters"`
 		TLSVerify bool     `json:"tlsVerify"`
 	}{
@@ -650,7 +649,8 @@ func SearchImages(w http.ResponseWriter, r *http.Request) {
 	}
 
 	options := image.SearchOptions{
-		Limit: query.Limit,
+		Limit:   query.Limit,
+		NoTrunc: query.NoTrunc,
 	}
 	if _, found := r.URL.Query()["tlsVerify"]; found {
 		options.InsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
@@ -677,7 +677,7 @@ func SearchImages(w http.ResponseWriter, r *http.Request) {
 	for i := range searchResults {
 		reports[i].Index = searchResults[i].Index
 		reports[i].Name = searchResults[i].Name
-		reports[i].Description = searchResults[i].Index
+		reports[i].Description = searchResults[i].Description
 		reports[i].Stars = searchResults[i].Stars
 		reports[i].Official = searchResults[i].Official
 		reports[i].Automated = searchResults[i].Automated
diff --git a/pkg/api/handlers/libpod/networks.go b/pkg/api/handlers/libpod/networks.go
index 9237a41ce..475522664 100644
--- a/pkg/api/handlers/libpod/networks.go
+++ b/pkg/api/handlers/libpod/networks.go
@@ -5,10 +5,10 @@ import (
 	"net/http"
 
 	"github.com/containers/podman/v2/libpod"
+	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/api/handlers/utils"
 	"github.com/containers/podman/v2/pkg/domain/entities"
 	"github.com/containers/podman/v2/pkg/domain/infra/abi"
-	"github.com/containers/podman/v2/pkg/network"
 	"github.com/gorilla/schema"
 	"github.com/pkg/errors"
 )
@@ -78,7 +78,7 @@ func RemoveNetwork(w http.ResponseWriter, r *http.Request) {
 	}
 	if reports[0].Err != nil {
 		// If the network cannot be found, we return a 404.
-		if errors.Cause(err) == network.ErrNetworkNotFound {
+		if errors.Cause(err) == define.ErrNoSuchNetwork {
 			utils.Error(w, "Something went wrong", http.StatusNotFound, err)
 			return
 		}
@@ -104,7 +104,7 @@ func InspectNetwork(w http.ResponseWriter, r *http.Request) {
 	reports, err := ic.NetworkInspect(r.Context(), []string{name}, options)
 	if err != nil {
 		// If the network cannot be found, we return a 404.
-		if errors.Cause(err) == network.ErrNetworkNotFound {
+		if errors.Cause(err) == define.ErrNoSuchNetwork {
 			utils.Error(w, "Something went wrong", http.StatusNotFound, err)
 			return
 		}
diff --git a/pkg/api/handlers/types.go b/pkg/api/handlers/types.go
index a17f5df56..0ccaa95bb 100644
--- a/pkg/api/handlers/types.go
+++ b/pkg/api/handlers/types.go
@@ -203,15 +203,6 @@ func ImageToImageSummary(l *libpodImage.Image) (*entities.ImageSummary, error) {
 		return nil, errors.Wrapf(err, "Failed to obtain RepoTags for image %s", l.ID())
 	}
 
-	history, err := l.History(context.TODO())
-	if err != nil {
-		return nil, errors.Wrapf(err, "Failed to obtain History for image %s", l.ID())
-	}
-	historyIds := make([]string, len(history))
-	for i, h := range history {
-		historyIds[i] = h.ID
-	}
-
 	digests := make([]string, len(l.Digests()))
 	for i, d := range l.Digests() {
 		digests[i] = string(d)
@@ -233,7 +224,7 @@ func ImageToImageSummary(l *libpodImage.Image) (*entities.ImageSummary, error) {
 		Digest:       string(l.Digest()),
 		Digests:      digests,
 		ConfigDigest: string(l.ConfigDigest),
-		History:      historyIds,
+		History:      l.NamesHistory(),
 	}
 	return &is, nil
 }
diff --git a/pkg/api/handlers/utils/errors.go b/pkg/api/handlers/utils/errors.go
index 5a99529c6..bf9b18960 100644
--- a/pkg/api/handlers/utils/errors.go
+++ b/pkg/api/handlers/utils/errors.go
@@ -39,6 +39,7 @@ func VolumeNotFound(w http.ResponseWriter, name string, err error) {
 	msg := fmt.Sprintf("No such volume: %s", name)
 	Error(w, msg, http.StatusNotFound, err)
 }
+
 func ContainerNotFound(w http.ResponseWriter, name string, err error) {
 	if errors.Cause(err) != define.ErrNoSuchCtr {
 		InternalServerError(w, err)
@@ -55,6 +56,14 @@ func ImageNotFound(w http.ResponseWriter, name string, err error) {
 	Error(w, msg, http.StatusNotFound, err)
 }
 
+func NetworkNotFound(w http.ResponseWriter, name string, err error) {
+	if errors.Cause(err) != define.ErrNoSuchNetwork {
+		InternalServerError(w, err)
+	}
+	msg := fmt.Sprintf("No such network: %s", name)
+	Error(w, msg, http.StatusNotFound, err)
+}
+
 func PodNotFound(w http.ResponseWriter, name string, err error) {
 	if errors.Cause(err) != define.ErrNoSuchPod {
 		InternalServerError(w, err)
diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go
index 7f060d098..cb4ce4fe7 100644
--- a/pkg/api/server/register_images.go
+++ b/pkg/api/server/register_images.go
@@ -972,6 +972,10 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
 	//    type: integer
 	//    description: maximum number of results
 	//  - in: query
+	//    name: noTrunc
+	//    type: boolean
+	//    description: do not truncate any of the result strings
+	//  - in: query
 	//    name: filters
 	//    type: string
 	//    description: |
diff --git a/pkg/api/server/register_ping.go b/pkg/api/server/register_ping.go
index 4a8d2c768..4e299008c 100644
--- a/pkg/api/server/register_ping.go
+++ b/pkg/api/server/register_ping.go
@@ -9,9 +9,8 @@ import (
 
 func (s *APIServer) registerPingHandlers(r *mux.Router) error {
 
-	r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet)
-	r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead)
-
+	r.Handle("/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
+	r.Handle(VersionedPath("/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
 	// swagger:operation GET /libpod/_ping libpod libpodPingGet
 	// ---
 	//   summary: Ping service
@@ -62,7 +61,7 @@ func (s *APIServer) registerPingHandlers(r *mux.Router) error {
 	//               determine if talking to Podman engine or another engine
 	//     500:
 	//       $ref: "#/responses/InternalError"
-	r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet)
-	r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodHead)
+	r.Handle("/libpod/_ping", s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
+	r.Handle(VersionedPath("/libpod/_ping"), s.APIHandler(compat.Ping)).Methods(http.MethodGet, http.MethodHead)
 	return nil
 }
diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go
index fc8c9996e..12d1a9ce9 100644
--- a/pkg/bindings/images/images.go
+++ b/pkg/bindings/images/images.go
@@ -439,6 +439,7 @@ func Search(ctx context.Context, term string, opts entities.ImageSearchOptions)
 	params := url.Values{}
 	params.Set("term", term)
 	params.Set("limit", strconv.Itoa(opts.Limit))
+	params.Set("noTrunc", strconv.FormatBool(opts.NoTrunc))
 	for _, f := range opts.Filters {
 		params.Set("filters", f)
 	}
diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go
index c1a01c280..9a188e5da 100644
--- a/pkg/bindings/test/containers_test.go
+++ b/pkg/bindings/test/containers_test.go
@@ -280,6 +280,7 @@ var _ = Describe("Podman containers ", func() {
 	})
 
 	It("podman wait to pause|unpause condition", func() {
+		Skip("FIXME: https://github.com/containers/podman/issues/6518")
 		var (
 			name           = "top"
 			exitCode int32 = -1
diff --git a/pkg/network/config.go b/pkg/network/config.go
index a504e0ad0..0115433e1 100644
--- a/pkg/network/config.go
+++ b/pkg/network/config.go
@@ -2,7 +2,6 @@ package network
 
 import (
 	"encoding/json"
-	"errors"
 	"net"
 )
 
@@ -20,10 +19,6 @@ const (
 	DefaultPodmanDomainName = "dns.podman"
 )
 
-var (
-	ErrNetworkNotFound = errors.New("network not found")
-)
-
 // GetDefaultPodmanNetwork outputs the default network for podman
 func GetDefaultPodmanNetwork() (*net.IPNet, error) {
 	_, n, err := net.ParseCIDR("10.88.1.0/24")
diff --git a/pkg/network/files.go b/pkg/network/files.go
index beb3289f3..38ce38b97 100644
--- a/pkg/network/files.go
+++ b/pkg/network/files.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containernetworking/cni/libcni"
 	"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v2/libpod/define"
 	"github.com/pkg/errors"
 )
 
@@ -55,7 +56,7 @@ func GetCNIConfigPathByName(config *config.Config, name string) (string, error)
 			return confFile, nil
 		}
 	}
-	return "", errors.Wrap(ErrNetworkNotFound, fmt.Sprintf("unable to find network configuration for %s", name))
+	return "", errors.Wrap(define.ErrNoSuchNetwork, fmt.Sprintf("unable to find network configuration for %s", name))
 }
 
 // ReadRawCNIConfByName reads the raw CNI configuration for a CNI
diff --git a/pkg/network/network.go b/pkg/network/network.go
index 6c84c8a8a..b24c72f5f 100644
--- a/pkg/network/network.go
+++ b/pkg/network/network.go
@@ -8,6 +8,7 @@ import (
 	"github.com/containernetworking/cni/pkg/types"
 	"github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator"
 	"github.com/containers/common/pkg/config"
+	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -200,7 +201,7 @@ func InspectNetwork(config *config.Config, name string) (map[string]interface{},
 func Exists(config *config.Config, name string) (bool, error) {
 	_, err := ReadRawCNIConfByName(config, name)
 	if err != nil {
-		if errors.Cause(err) == ErrNetworkNotFound {
+		if errors.Cause(err) == define.ErrNoSuchNetwork {
 			return false, nil
 		}
 		return false, err
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index d3e43e44d..eaf2d4551 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -860,7 +860,7 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
       fprintf (stderr, "cannot read from sync pipe: %s\n", strerror (errno));
       _exit (EXIT_FAILURE);
     }
-  if (b != '0')
+  if (ret != 1 || b != '0')
     _exit (EXIT_FAILURE);
 
   if (syscall_setresgid (0, 0, 0) < 0)
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index b1f200cc2..ccc8a1d94 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -97,7 +97,11 @@ func GetRootlessGID() int {
 	return os.Getegid()
 }
 
-func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap) error {
+func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) error {
+	var tool = "newuidmap"
+	if !uid {
+		tool = "newgidmap"
+	}
 	path, err := exec.LookPath(tool)
 	if err != nil {
 		return errors.Wrapf(err, "cannot find %s", tool)
@@ -110,6 +114,15 @@ func tryMappingTool(tool string, pid int, hostID int, mappings []idtools.IDMap)
 	args := []string{path, fmt.Sprintf("%d", pid)}
 	args = appendTriplet(args, 0, hostID, 1)
 	for _, i := range mappings {
+		if hostID >= i.HostID && hostID < i.HostID+i.Size {
+			what := "UID"
+			where := "/etc/subuid"
+			if !uid {
+				what = "GID"
+				where = "/etc/subgid"
+			}
+			return errors.Errorf("invalid configuration: the specified mapping %d:%d in %q includes the user %s", i.HostID, i.Size, where, what)
+		}
 		args = appendTriplet(args, i.ContainerID+1, i.HostID, i.Size)
 	}
 	cmd := exec.Cmd{
@@ -175,7 +188,7 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) {
 	return uids, gids, nil
 }
 
-func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool, int, error) {
+func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ bool, _ int, retErr error) {
 	if os.Geteuid() == 0 || os.Getenv("_CONTAINERS_USERNS_CONFIGURED") != "" {
 		if os.Getenv("_CONTAINERS_USERNS_CONFIGURED") == "init" {
 			return false, 0, runInUser()
@@ -205,7 +218,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
 	defer errorhandling.CloseQuiet(r)
 	defer errorhandling.CloseQuiet(w)
 	defer func() {
-		if _, err := w.Write([]byte("0")); err != nil {
+		toWrite := []byte("0")
+		if retErr != nil {
+			toWrite = []byte("1")
+		}
+		if _, err := w.Write(toWrite); err != nil {
 			logrus.Errorf("failed to write byte 0: %q", err)
 		}
 	}()
@@ -223,7 +240,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
 
 	uidsMapped := false
 	if uids != nil {
-		err := tryMappingTool("newuidmap", pid, os.Geteuid(), uids)
+		err := tryMappingTool(true, pid, os.Geteuid(), uids)
+		// If some mappings were specified, do not ignore the error
+		if err != nil && len(uids) > 0 {
+			return false, -1, err
+		}
 		uidsMapped = err == nil
 	}
 	if !uidsMapped {
@@ -245,7 +266,11 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (bool,
 
 	gidsMapped := false
 	if gids != nil {
-		err := tryMappingTool("newgidmap", pid, os.Getegid(), gids)
+		err := tryMappingTool(false, pid, os.Getegid(), gids)
+		// If some mappings were specified, do not ignore the error
+		if err != nil && len(gids) > 0 {
+			return false, -1, err
+		}
 		gidsMapped = err == nil
 	}
 	if !gidsMapped {
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b8ab1399e..7adb8be6a 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -462,6 +462,10 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
 func GetNamespaceOptions(ns []string) ([]libpod.PodCreateOption, error) {
 	var options []libpod.PodCreateOption
 	var erroredOptions []libpod.PodCreateOption
+	if ns == nil {
+		//set the default namespaces
+		ns = strings.Split(specgen.DefaultKernelNamespaces, ",")
+	}
 	for _, toShare := range ns {
 		switch toShare {
 		case "cgroup":
diff --git a/pkg/specgen/generate/ports.go b/pkg/specgen/generate/ports.go
index 1ad7e6f4d..7dd50ac0d 100644
--- a/pkg/specgen/generate/ports.go
+++ b/pkg/specgen/generate/ports.go
@@ -123,19 +123,20 @@ func parsePortMapping(portMappings []specgen.PortMapping) ([]ocicni.PortMapping,
 						postAssignHostPort = true
 					}
 				} else {
-					testCPort := ctrPortMap[cPort]
-					if testCPort != 0 && testCPort != hPort {
-						// This is an attempt to redefine a port
-						return nil, nil, nil, errors.Errorf("conflicting port mappings for container port %d (protocol %s)", cPort, p)
-					}
-					ctrPortMap[cPort] = hPort
-
 					testHPort := hostPortMap[hPort]
 					if testHPort != 0 && testHPort != cPort {
 						return nil, nil, nil, errors.Errorf("conflicting port mappings for host port %d (protocol %s)", hPort, p)
 					}
 					hostPortMap[hPort] = cPort
 
+					// Mapping a container port to multiple
+					// host ports is allowed.
+					// We only store the latest of these in
+					// the container port map - we don't
+					// need to know all of them, just one.
+					testCPort := ctrPortMap[cPort]
+					ctrPortMap[cPort] = hPort
+
 					// If we have an exact duplicate, just continue
 					if testCPort == hPort && testHPort == cPort {
 						continue